On Wed, Aug 02, 2017 at 09:44:41AM +0200, Jakub Hrozek wrote:
On Tue, Aug 01, 2017 at 06:52:41PM -0000, smfrench(a)gmail.com wrote:
> In one of our test domains, we noticed that the short name of the domain was not
being returned by "adcli info" (it is visible in the output of "net rpc
info" though and it is clearly configured in Windows and can be seen in the GUI and
CLI of Windows).
>
> Running "adcli info --verbose" we see only a few lines about contacting
servers, but nothing obvious to me.
>
> Any ideas about common reasons that adcli info can't return short domain name
from a particular win2K8 server but ok to others (while "net" can always return
it). Note that joining the domain (via realm) does work - even though can't get short
name
adcli uses an LDAP ping
(
https://msdn.microsoft.com/en-us/library/cc223811.aspx) to determine
details about the domain. As can be seen in
https://msdn.microsoft.com/en-us/library/cc223813.aspx the reply might
come in various formats but adcli can currently only handles
LOGON_SAM_LOGON_RESPONSE_EX.
Feel free to send me the output of
ldapsearch -x -H ldap://your.win2K8.dc -b ''
'(&(DnsDomain=your.domain)(NtVer=\06\00\00\00))' -s base netlogon
and I can check if adcli can handle the outout or not.
bye,
Sumit
>
> Hi,
> I know I'm not answering your question, but I just wanted to say that
> Sumit, who currently maintains adcli is on vacation for another two
> weeks, so it might be a while until he has a chance to answer..
> _______________________________________________
> sssd-devel mailing list -- sssd-devel(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-devel-leave(a)lists.fedorahosted.org